Please Help! I installed this hack and now I can't login at all!
Info:
Xoops version 2.03
PHP version 4.3.2
MySQL version 1.3.27 (Unix)
I installed per the given instructions and I get an 'incorrect login' error everytime I or anyone else tries to login to my site. If I use the lost password function I get the new password just fine but It doesn't work. I installed this hack yesterday and all was well. I stayed logged into my account for over 12 hours but then XOOPS logged me out and I couldn't get back in under any account. What could be wrong? This is what my code looks like after I have finished installing the hack:
file
include/common.php
}
}
if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar( 'hasnotification' ) == 1) {
$xoopsModuleConfig =& $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
}
}
//Begin: Autologin hack
if ((empty($HTTP_SESSION_VARS['xoopsUserId'])) &&
(!empty($HTTP_COOKIE_VARS['al_pass'])&&(!empty($HTTP_COOKIE_VARS['al_uname']))))
{
$myts =& MyTextsanitizer::getInstance();
$uname=$HTTP_COOKIE_VARS['al_uname'];
$pass=trim($HTTP_COOKIE_VARS['al_pass']);
$member_handler =& xoops_gethandler('member');
$myts =& MyTextsanitizer::getInstance();
$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)),
addslashes($myts->stripSlashesGPC($pass)),true);
if ($user != false){
setcookie('al_pass', $pass, time()+86400*100,'/','',0);
setcookie('al_uname', addslashes($uname),
time()+86400*100,'/','',0);
$user->setVar('last_login', time());
if (session_id()==''){session_destroy(); session_start();};
$HTTP_SESSION_VARS = array();
$HTTP_SESSION_VARS['xoopsUserId'] = $user->getVar('uid');
$HTTP_SESSION_VARS['xoopsUserGroups'] = $user->getGroups();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] !=
'') {
setcookie($xoopsConfig['session_name'], session_id(),
time()+$xoopsConfig['session_expire'], '/', '', 0);
$HTTP_COOKIE_VARS[$xoopsConfig['session_name']]=session_id();
}
$user_theme = $user->getVar('theme');
if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
$HTTP_SESSION_VARS['xoopsUserTheme'] = $user_theme;
}
};
};
//End: Autologin Hack
file
kernel/member.php
/* function &loginUser($uname, $pwd)
{
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
$criteria->add(new Criteria('pass', $pwd));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
} */
//Begin: Autologin hack
function &loginUser($uname, $pwd, $al_login = false)
{
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
if (!$al_login){$mypwd=md5($pwd);} else {$mypwd=$pwd;};
$criteria->add(new Criteria('pass', $mypwd));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
}
//End: Autologin hack
file
include/checklogin.php
//
if ($uname == '' || $pass == '') {
redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
exit();
}
if (false != $user) {
//Begin: Autologin hack
if
(!empty($HTTP_POST_VARS['union_al'])&&($HTTP_POST_VARS['union_al']=='Yes')){
setcookie('al_pass', md5($pass),
time()+86400*100,'/','',0);
setcookie('al_uname', addslashes($uname),
time()+86400*100,'/','',0);
};
//End: Autologin hack
if (0 == $user->getVar('level')) {
redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);
exit();
}
file
user.php
if ($op == 'logout') {
$message = '';
$HTTP_SESSION_VARS = array();
session_destroy();
//Begin: Autologin hack
setcookie('al_pass', '', time()-33600,'/','',0);
setcookie('al_uname', '', time()-33600,'/','',0);
//End: Autologin hack
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
}
I think I should let you know that this hack is not the only alteration to the above mentioned files. I also have IBFM and 4images modules installed which also make changes to the common.php, checklogin.php and member.php. I don't know about user.php. I don't know if there may be a possible hack conflict but I thought it wouldn't hurt to mention the other file alterations just in case. I appreciate any help you can give me. If you need me to provide any other info like the complete .php files mentioned above, just let me know.
I am really looking forward to using this wonderful hack! Thanks AndreyRa for creating it and _masi for the wonderful idea!
